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1.Which two statements are correct about reflecting inet-vpn unicast prefixes in BGP 
route reflection? (Choose two.) 

A. Route reflectors do not change any existing BGP attributes by default when 
advertising routes. 

B. A BGP peer does not require any configuration changes to become a route 
reflector client. 

C. Clients add their originator ID when advertising routes to their route reflector 

D. Route reflectors add their cluster ID to the AS path when readvertising client 
routes. 

Answer: A,B 

Explanation: 

Route reflection is a BGP feature that allows a router to reflect routes learned from 
one IBGP peer to another IBGP peer, without requiring a full-mesh IBGP topology. 
Route reflectors do not change any existing BGP attributes by defa Pwhen 
advertising routes, unless explicitly configured to do so. A BGP pecr does not require 
any configuration changes to become a route reflector client, gñly the route reflector 
needs to be configured with the client parameter under [edit protocols bgp group 
group-name neighbor neighbor-address] hierarchy levee” 
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Click the Exhibit button-Referring to the exhibit, which two statements are correct 
about BGP routes on R3 that are learned from the ISP-A neighbor? (Choose two.) 

A. By default, the next-hop value for these routes is not changed by ISP-A before 
being sent to R3. 

B. The BGP local-preference value that is used by ISP-A is not advertised to R3. 

C. All BGP attribute values must be removed before receiving the routes. 

D. The next-hop value for these routes is changed by ISP-A before being sent to R3. 
Answer: A,B 

Explanation: 

BGP is an exterior gateway protocol that uses path vector routing to exchange routing 
information among autonomous systems. BGP uses various attributes to select the 
best path to each destination and to propagate routing policies. Some pf the common 
BGP attributes are AS path, next hop, local preference, MED, origins Weight, and 
community. BGP attributes can be classified into four categories, well-known 
mandatory, well-known discretionary, optional transitive, and gptional nontransitive. 
Well-known mandatory attributes are attributes that must bg present in every BGP 
update message and must be recognized by every BGRsþeaker. Well-known 
discretionary attributes are attributes that may or may Wot be present in a BGP update 
message but must be recognized by every BGP ker. Optional transitive attributes 
are attributes that may or may not be present in, GP update message and may or 
may not be recognized by a BGP speaker. Ikan optional transitive attribute is not 
recognized by a BGP speaker, it is passegedlong to the next BGP speaker. Optional 
nontransitive attributes are attributes t Pmay or may not be present in a BGP update 
message and may or may not be regggnized by a BGP speaker. If an optional 
nontransitive attribute is not recognized by a BGP speaker, it is not passed along to 
the next BGP speaker. In this giiestion, we have four routers (R1, R2, R3, and R4) 
that are connected in a full Rèsh topology and running IBGP. R3 receives the 
192.168.0.0/16 route fronétts EBGP neighbor and advertises it to R1 and R4 with 
different BGP attributeWalues. We are asked which statements are correct about the 
BGP routes on R3 tat are learned from the ISP-A neighbor. 

Based on the infgřnation given, we can infer that the correct statements are: 

? By default, thè next-hop value for these routes is not changed by ISP-A before 
being sent to R3. This is because the default behavior of EBGP is to preserve the 
next-hop attribute of the routes received from another EBGP neighbor. The next-hop 
attribute indicates the IP address of the router that should be used as the next hop to 
reach the destination network. 

? The BGP local-preference value that is used by ISP-A is not advertised to R3. This 
is because the local-preference attribute is a well-known discretionary attribute that is 
used to influence the outbound traffic from an autonomous system. The local- 
preference attribute is only propagated within an autonomous system and is not 
advertised to external neighbors. 

References: 


httos://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol- 
bgp/13753-25.htmI: 
httos://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol- 
bgp/13762-40.htmI: 
httos://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol- 
bgp/13759-37.html 


3.A packet is received on an interface configured with transmission scheduling. One 
of the configured queues. 
In this scenario, which two actions will be taken by default on a Junos device? 
(Choose two.) 
A. The excess traffic will be discarded oO 
B. The exceeding queue will be considered to have negative bandwith credit. 
C. The excess traffic will use bandwidth available from other queseses 
D. The exceeding queue will be considered to have positive bahdwidth credit 
Answer: A,C Py 
Explanation: so” 
In Junos devices, when a packet is received on an inte¥iace configured with 
transmission scheduling, and one of the configur ueues is exceeding its allocated 
bandwidth, the typical actions taken are based othe scheduling configuration and 
congestion management mechanisms in plage: Here are the two likely default actions: 
The excess traffic will be discarded. When queue exceeds its configured bandwidth, 
and if there are no other congestion maxtagement mechanisms in place (like buffer or 
RED profiles), the excess traffic co e dropped by default. 
The excess traffic will use bandwigth available from other queues. If excess 
bandwidth is available from othér queues and the scheduling configuration allows for 
it, excess traffic may utilize tused bandwidth from other queues. This is typical 
behavior in scenarios whee queues are configured with some form of shared 
bandwidth allocation gewhere one queue can borrow unused bandwidth from others. 
BS 

= 
4.Which two statements are correct about VPLS tunnels? (Choose two.) 
A. LDP-signaled VPLS tunnels only support control bit 0. 
B. LDP-signaled VPLS tunnels use auto-discovery to provision sites 
C. BGP-signaled VPLS tunnels can use either RSVP or LDP between the PE routers. 
D. BGP-signaled VPLS tunnels require manual provisioning of sites. 
Answer: B,D 
Explanation: 
In the context of Virtual Private LAN Service (VPLS) and the signaling protocols used 
to establish VPLS tunnels: 
LDP-signaled VPLS tunnels use auto-discovery to provision sites. In LDP-signaled 
VPLS, auto-discovery is used to discover other PE routers that are part of the same 


VPLS instance. This is typically done through the exchange of LDP messages that 
carry VPLS labels. 

BGP-signaled VPLS tunnels require manual provisioning of sites. When using BGP 
for signaling in VPLS (also known as BGP-based VPLS), each site needs to be 
manually provisioned. This includes configuring the site identifier and the parameters 
for the VPLS instance on the PE router. 
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The network showgein the exhibit is based on IS-IS 
Which statemeg$ correct in this scenario? 
A. The NSEL byte for Area 0001 is 00. 
B. The area address is two bytes. 
C. The routers are using unnumbered interfaces 
D. The system IDofR1_2 is 192.168.16.1 
Answer: A 
Explanation: 
IS-IS is an interior gateway protocol that uses link-state routing to exchange routing 
information among routers within a single autonomous system. IS-IS uses two types 
of addresses to identify routers and areas: system ID and area address. The system 
ID is a unique identifier for each router in an IS-IS domain. The system ID is 6 octets 
long and can be derived from the MAC address or manually configured. The area 


address is a variable-length identifier for each area in an IS-IS domain. The area 
address can be 1 to 13 octets long and is composed of high-order octets of the 
address. An IS-IS instance may be assigned multiple area addresses, which are 
considered synonymous. Multiple synonymous area addresses are useful when 
merging or splitting areas in the domain1. In this question, we have a network based 
on IS-IS with four routers (R1_1, R1_2, R2_1, and R2_2) belonging to area 0001. The 
area address for area 0001 is 49.0001. The NSEL byte for area 0001 is the last octet 
of the address, which is 01. The NSEL byte stands for Network Service Access Point 
Selector (NSAP Selector) and indicates the type of service requested from the 
network layer2. Therefore, the correct statement in this scenario is that the NSEL byte 
for area 0001 is 01. 

References: 

1: https://www.cisco.com/c/en/us/td/docs/ios- eS 
xmil/ios/iproute_isis/configuration/xe-16/irs-xe-16-book/irs-ovrvw-cf. Ml 

2: https://www.juniper.net/documentation/us/en/software/junos/ig48/topics/conceptis- 


is-routing-overview.html RY 
4C 
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Referring to the exhibit, CE-1 is providing NAT services for the hosts at Site 1 and you 
must provide Internet access for those hosts 

Which two statements are correct in this scenario? (Choose two.) 

A. You must configure a static route in the main routing instance for the 10 1 2.0/24 
prefix that uses the VPN-A.inet.0 table as the next hop 

B. You must configure a static route in the main routing instance for the 
203.0.113.1/32 prefix that uses the VPN-A.inet.0 table as the next hop. 

C. You must configure a RIB group on PE-1 to leak a default route from the inet.0 
table to the VPN-A.inet.0 table. 

D. You must configure a RIB group on PE-1 to leak the 10 1 2.0/24 prefix from the 


VPN-A.inet.0 table to the inet.0 table. 

Answer: C,D 

Explanation: 

In the given scenario, where CE-1 at Site 1 is providing NAT services and requires 
Internet access for its hosts, the correct configuration on PE-1 to provide Internet 
access involves routing and potentially using Routing Information Base (RIB) groups 
to ensure proper route leaking between VRFs (Virtual Routing and Forwarding 
instances) and the global routing table. Here are the correct statements: 

You must configure a RIB group on PE-1 to leak a default route from the inet.0 table 
to the VPN-A.inet.0 table. By leaking a default route into the VPN-A routing table, 
hosts in Site 1 will be able to access the Internet via the PE-1 gateway. This is 
assuming that PE-1 is the gateway to the Internet for the VPN-A site. 

You must configure a RIB group on PE-1 to leak the 10.1.2.0/24 prefixsirom the VPN- 
A.inet.0 table to the inet.0 table. This step is necessary if other devi 3s in the main 
routing instance need to reach the hosts behind CE-1, which areperforming NAT. 
This allows for return traffic from the Internet destined for ne NATed IP addresses to 


find the correct route back to the CE-1 device. + 
X 

7.Which three mechanisms are used by Junos plațiðrms to evaluate incoming traffic 

for CoS purposes? (Choose three ) sY 

A. rewrite rules O 

B. behavior aggregate classifiers Ká 

C. traffic shapers Pa 

D. fixed classifiers ge 

E. multifield classifiers <C 

Answer: B,D,E oa 

Explanation: ę* 


Junos platforms use diffe mnt mechanisms to evaluate incoming traffic for CoS 
purposes, such as: $ 

? Behavior aggregate classifiers: These classifiers use a single field in a packet 
header to classifystrattic into different forwarding classes and loss priorities based on 
predefined or user-defined values. 

? Fixed classifiers: These classifiers use a fixed field in a packet header to classify 
traffic into different forwarding classes and loss priorities based on predefined values. 
? Multifield classifiers: These classifiers use multiple fields in a packet header to 
classify traffic into different forwarding classes and loss priorities based on user- 
defined values and filters. 

Rewrite rules and traffic shapers are not used to evaluate incoming traffic for CoS 
purposes, but rather to modify or shape outgoing traffic based on CoS policies. 
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You are asked to exchange routes between R1 and R4 as shown in the exhibit. 
These two routers use the same AS number. 
Which two steps will accomplish this task? (Choose two.) 
A. Configure the BGP group with the advertise-peer-as parameter on R1 and R4. 
B. Configure the BGP group with the as-override parameter on R2 and R3 
C. Configure the BGP group with the advertise-peer-as parameter on R2 and R3. 
D. Configure the BGP group with the as-override parameter on R1 angsR4 
Answer: A,B $ 
Explanation: o 
The advertise-peer-as parameter allows a router to advertise i$ peer’s AS number as 
part of the AS path attribute when sending BGP updates tq ther peers. This 
parameter is useful when two routers in the same AS nga to exchange routes 
through another AS, such as in the case of R1 and R49 y configuring this parameter 
on R1 and R4, they can advertise each other’s ASdumber to R2 and R3, 
respectively. oY 
The as-override parameter allows a router tafSplace the AS number of its peer with 
its own AS number when receiving BGP usdates from that peer. This parameter is 
useful when two routers in different ASes need to exchange routes through another 
AS that has the same AS number agiéne of them, such as in the case of R2 and R3. 
By configuring this parameter on 2 and R3, they can override the AS number of R1 
and R4 with their own AS numer when sending BGP updates to each other. 
g 

ra 
9.You want to ensure jWat L1 IS-IS routers have only the most specific routes 
available from L2 ISAS routers. 
Which action agg®mplishes this task? 
A. Configure thé ignore-attached-bit parameter on all L2 routers. 
B. Configure all routers to allow wide metrics. 
C. Configure all routers to be L1. 
D. Configure the ignore-attached-bit parameter on all L1 routers 
Answer: D 
Explanation: 
The attached bit is a flag in an IS-IS LSP that indicates whether a router is connected 
to another area or level (L2) of the network. By default, L2 routers set this bit when 
they advertise their LSPs to L1 routers, and L1 routers use this bit to select a default 
route to reach other areas or levels through L2 routers. However, this may result in 
suboptimal routing if there are multiple L2 routers with different paths to other areas or 


levels. To ensure that L1 routers have only the most specific routes available from L2 
routers, you can configure the ignore-attached-bit parameter on all L1 routers. This 
makes L1 routers ignore the attached bit and install all interarea routes learned from 
L2 routers in their routing tables. 
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user@cE-l# show protocols bgp 
group EBGP—to-PE-1 { 
type external; 
local-address 10.10.0.2; 
peer-os 65550; 
local-as 64511; 
neighbor 10.10.8.1 ¢ 
export static-—to-bdgp; 


user@PE-l@ show protocols bgp group ESGP-to-CE-1 
type external; 
local-address 10.10.0.1; 
peer-oas 64511; 
local-as 65550; 
neighbor 10.10.0.2 { 
family inet { 


unicast { 
prefix-linit ( 
maxinun 5; 
teardown; 


) 
) 


user@ce-12 show policy-options 
policy-statement static-to-bgp { 
term export—static ( 
from { 
protocol static; 
route-—filter 
route-filter 
route-filter 
route-filter 
route-filter 
route-filter 
route-filter 
route-filter 


route~-filter 
route-filter 


) 


then accept; 


CE-1 must advertise ten rele to PE-1 using BGP Once CE-1 starts advertising the 
subnets to PE-1, the B@P peering state changes to Active. 

Referring to the CLI otitput shown in the exhibit, which statement is correct? 

A. CE-1 is advertising its entire routing table. 

B. CE-1 is confifured with an incorrect peer AS 

C. The prefix limit has been reached on PE-1 

D. CE-1 is unreachable 

Answer: C 

Explanation: 

Referring to the CLI output in the exhibit provided and considering the description of 
the scenario where CE-1 must advertise ten subnets to PE-1 using BGP and the BGP 
peering state changes to Active, here are the correct statements based on the typical 
behaviors and configurations in BGP: 

The prefix limit has been reached on PE-1. When the BGP peering state changes to 
Active after the subnets are advertised, it may suggest that the maximum number of 


prefixes that PE-1 is configured to receive has been reached. This is indicated by the 
prefix-limit configuration which is set to a maximum of 5, and as CE-1 is required to 
advertise ten subnets, this limit is exceeded. 


11.By default, which statement is correct about OSPF summary LSAs? 
A. All Type 2 and Type 7 LSAs will be summanzed into a single Type 5 LSA 
B. The area-range command must be installed on all routers. 
C. Type 3 LSAs are advertised for routes in Type 1 LSAs. 
D. The metric associated with a summary route will be equal to the lowest metric 
associated with an individual contributing route 
Answer: C 
Explanation: eS 
OSPF uses different types of LSAs to describe different aspects of È network 
topology. Type 1 LSAs are also known as router LSAs, and theygdéscribe the links 
and interfaces of a router within an area. Type 3 LSAs are als@known as summary 
LSAs, and they describe routes to networks outside an areg but within the same 
autonomous system (AS). By default, OSPF will summae routes from Type 1 LSAs 
into Type 3 LSAs when advertising them across area Boundaries. 

ao 
12.When building an interprovider VPN, yougðtice on the PE router that you have 
hidden routes which are received from youre BGP peer with family inet labeled-unicas3t 
configured. a 
Which parameter must you configure¢to solve this problem? 
A. Under the family inet labeled-uicast hierarchy, add the explicit null parameter. 
B. Under the protocols ospf higearchy, add the traffic-engineering parameter. 
C. Under the family inet la et&d-unicast hierarchy, add the resolve-vpn parameter. 
D. Under the protocols mýs hierarchy, add the traffic-engineering parameter 
Answer: C $ 
Explanation: ğ 
The resolve-vpn parameter is a BGP option that allows a router to resolve labeled 
VPN-IPVv4 routes using unlabeled IPv4 routes received from another BGP peer with 
family inet labeled-unicast configured. This option enables interprovider VPNs without 
requiring MPLS labels between ASBRs or using VRF tables on ASBRs. In this 
scenario, you need to configure the resolve-vpn parameter under [edit protocols bgp 
group external family inet labeled-unicast] hierarchy level on both ASBRs. 


13.Which two EVPN route types are used to advertise a multihomed Ethernet 
segment? (Choose two ) 

A. Type 1 

B. Type 3 


C. Type 4 

D. Type 2 

Answer: A,C 

Explanation: 

EVPN is a solution that provides Ethernet multipoint services over MPLS networks. 
EVPN uses BGP to distribute endpoint provisioning information and set up 
pseudowires between PE devices. EVPN uses different route types to convey 
different information in the control plane. 

The following are the main EVPN route types: 

? Type 1 - Ethernet Auto-Discovery Route: This route type is used for network-wide 
messaging and discovery of other PE devices that are part of the same EVPN 
instance. It also carries information about the redundancy mode and ii balancing 
algorithm of the PE devices. 

? Type 2 - MAC/IP Advertisement Route: This route type is used fo HAC and IP 
address learning and advertisement between PE devices. It dloqiiies information 
about the Ethernet segment identifier (ESI) and the label for  {ghwarding traffic to the 
MAC or IP address. 

? Type 3 - Inclusive Multicast Ethernet Tag Route: This cole type is used for 
broadcast, unknown unicast, and multicast (BUM) traffic forwarding. It also carries 
information about the multicast group and the lab r forwarding BUM traffic. 

? Type 4 - Ethernet Segment Route: This route dpe is used for multinoming 
scenarios, where a CE device is connected tepmore than one PE device. It also 
carries information about the ESI and the gésignated forwarder (DF) election process. 
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A network designer would like to create a summéfy route as shown in the exhibit, but 
S 


the configuration is not working. ge 

Which three configuration changes will create a summary route? (Choose three.) 

A. set policy-options policy-statement leak-v6 term DC-routes then reject 

B. delete policy-options policy-statesyént leak-v6 term DC-routes from route-filter 
2001: db9:a: fa00 ::/6llonger 2 

C. set policy?options policy-stgtément leak-v term DC?routes from route-filter 

2001 :db9:a:faOO::/61 exact?® 

D. delete protocols isis export summary-v6 

E. set protocols isis ingport summary-v6 

Answer: B,C,D oe 

Explanation:  Ś 

To create a summary route for IS-IS, you need to configure a policy statement that 
matches the prefixes to be summarized and sets the next-hop to discard. You also 
need to configure a Summary-address statement under the IS-IS protocol hierarchy 
that references the policy statement. In this case, the policy statement leak-v6 is 
trying to match the prefix 2001 :db9:a:fa00::/61 exactly, but this prefix is not advertised 
by any router in the network. Therefore, no summary route is created. To fix this, you 
need to delete the longer keyword from the route-filter term and change the prefix 
length to /61 exact. This will match any prefix that falls within the /61 range. You also 
need to delete the export statement under protocols isis, because this will export all 
routes that match the policy statement to other IS-IS routers, which is not desired for 
a summary route. 


15.An interface is configured with a behavior aggregate classifier and a multifield 
classifier How will the packet be processed when received on this interface? 

A. The packet will be discarded. 

B. The packet will be processed by the BA classifier first, then the MF classifier. 

C. The packet will be forwarded with no classification changes. 

D. The packet will be processed by the MF classifier first, then the BA classifier. 
Answer: D 

Explanation: 

In Junos, when both a behavior aggregate (BA) classifier and a multifield (MF) 
classifier are configured on an interface, the multifield classifier is evaluated first 
because it is more specific. If the packet does not match any of the muktifield classifier 
terms, then the behavior aggregate classifier is used. The BA classj#ér typically 
classifies based on the DSCP or EXP bits, while the MF classifigetan match on 
multiple fields in the packet header, like source and destination te address, ports, etc. 
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EA AREA 49.0001 A 
10.10.10.3/32 ge-0/0/1.0 ge-0/0/1.0 10.10.10.1/32 
ge-0/0/2.0 10.10.12.2/24 10.10.12.1/24 


10.10.15.2/24 fftf:a0a:cO2 siffff-a0a:cO2 


Level 2 
ge-0/0/2.0 
10.10.13.1/2A 


ge-0/0/0.0 
10.10.14.1/24 


ge-0/0/0.0 
ge-0/0/2.0 10.10.11.1/24 


10,10.15,1/24 


100.0 
10.10.10.5/32 


MX2 


ge-0/0/0.0 


g¢-0/0/1.0 
10.10,14.2/24 


10.10.16.1/24 ge-0/0/0.0 


10,10.11,2/24 


MXS 
og 
1 { 1.10.2/3 
userQ@MX1l> show isis interface ge-0/0/1 
Is-IS interface datebase: 
Interface L CirID Level 1 DR Level 2 DR L1/L2 Metric 
ge-0/0/0/0 2 Oxl Disabled Point to Point 10/100 
user@MX1> show isis database MX1 extensive find TLV match 10.100.12.0/24 


IP prefix: 10.100.12.0/24, Internal, Metric: defaut 63, Up 
IP extended prefix: 10.100.12.0/2% metric 63 up 


A network is using IS-IS for routing. 

In this scenario, why are there two TLVs shown in the exhibit? 

A. There are both narrow and wide metric devices in the topology 
B. The interface specified a metric of 100 for L2. 


C. Wide metrics have specifically been requested 
D. Both IPv4 and IPv6 are being used in the topology 
Answer: A 
Explanation: 
TLVs are tuples of (Type, Length, Value) that can be advertised in IS-IS packets. 
TLVs can carry different kinds of information in the Link State Packets (LSPs). IS-IS 
supports both narrow and wide metrics for link costs. Narrow metrics use a single 
octet to encode the link cost, while wide metrics use three octets. Narrow metrics 
have a maximum value of 63, while wide metrics have a maximum value of 
16777215. If there are both narrow and wide metric devices in the topology, IS-IS will 
advertise two TLVs for each link: one with the narrow metric and one with the wide 
metric. This allows backward compatibility with older devices that only support narrow 
metrics12. eS 
w 
ee 
9° 
17.In IS-IS, which two statements are correct about the se age intermediate 
system (DIS) on a multi-access network segment? (Choosg two) 
A. A router with a priority of 10 wins the DIS election ovepa router with a priority of 1. 
B. A router with a priority of 1 wins the DIS election over a router with a priority of 10. 
C. On the multi-access network, each router formegath adjacency to every other router 
on the segment aY 
D. On the multi-access network, each routery forms an adjacency to the DIS. 
Answer: A,D Ka 
Explanation: Pa 
In IS-IS, a designated ee (DIS) is a router that is elected on a multi- 
access network segment (such ageEthernet) to perform some functions on behalf of 
other routers on the same segment. A DIS is responsible for sending network link- 
state advertisements (LSP Which describe all the routers attached to the network. 
These LSPs are flooded ¢froughout a single area. A DIS also generates pseudonode 
LSPs, which representthe multi-access network as a single node in the link-state 
database. A DIS elegtion is based on the priority value configured on each router’s 
interface connecter to the multi-access network. The priority value ranges from 0 to 
127, with highe? values indicating higher priority. The router with the highest priority 
becomes the DIS for the area (Level 1, Level 2, or both). If routers have the same 
priority, then the router with the highest MAC address is elected as the DIS. By 
default, routers have a priority value of 64. On a multi-access network, each router 
only forms an adjacency to the DIS, not to every other router on the segment. This 
reduces the amount of hello packets and LSP 
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wnec@RB> show configuration 
torm 10 { 
from í 
protocol bgp? 
route-filcer 203.0.113.128/25 exact: 


RB Routing Table 
203.0.113,128/2a *[AGP/170} 
203.0.113.144/23 “{BGP/12701 
203.09.113.160/28 *[8GP/170} 
203.0.113.176/28 * [BGP7170] 
203.0.113.192/28 *{BG?/170] 
203.0.113.209/29 *[BGP/170} 
203.0.813.224/28 *[BGR/170} 

203.0.113.240/28 *[DGP/170] 


policy-options policy-statement adv-ccoutes 


You are attempting to summarize routes from the 203.0.113.128/25 IP block on R8 to 
AS 64500. You implement the export policy shown in the exhibit anda routes from 


the routing table stop being advertised. se 
In this scenario, which two steps would you take to summarize the route in BGP? 
(Choose two.) aS 


A. Remove the from protocol bgp command from the expt policy. 
B. Add the set protocols bgp family inet unicast add-pajfcommand to allow additional 
routes to the RIB tables. »’ 
C. Add the set routing-options static route 203.0.498.123/25 discard command. 
D. Replace exact in the export policy with orlonger. 

„O 
Answer: C,D P 
Explanation: of 
To summarize routes from the 203.0. 14f3.1 28/25 IP block on R8 to AS 64500, you 
need to do the following: Ka 
? Add the set routing-options static route 203.0.113.128/25 discard command. This 
creates a static route for the afnmary prefix and discards any traffic destined to it. 
This is necessary becausg{8GP can only advertise routes that are present in the 
routing table. of 
? Replace exact in thê`export policy with orlonger. This allows R8 to match and 
advertise any routethat is equal or more specific than the summary prefix. The exact 
term only matckés routes that are exactly equal to the summary prefix, which is not 
present in the routing table. 


19. Exhibit 


Backup Intra-Area Link 
CE-1 CE-2 


OSPF Area 0 OSPF Area 0 


You must ensure that the VPN backbone is preferred over the back door intra-area 
link as long as the VPN is available. Referring to the exhibit, which action will 
accomplish this task? 

A. Configure an import routing policy on the CE routers that rejects OPF routes 
learned on the backup intra-area link. 
B. Enable OSPF traffic-engineering. 90 
C. Configure the OSPF metric on the backup intra-area link that i is higher than the 


Pd 


L3VPN we 
Ce 
link. 
D. Create an OSPF sham link between the PE routers> 
Answer: D ve 
Explanation: ee 


A sham link is a logical link between two PEy6uters that belong to the same OSPF 
area but are connected through an L8VPN®A sham link makes the PE routers appear 
as if they are directly connected, and Qkevents OSPF from preferring an intra-area 
back door link over the VPN backbasé. To create a sham link, you need to configure 
the local and remote addresses gfthe PE routers under the [edit protocols ospf area 
area-id] hierarchy level1. a 


20.Exhibit Ss 


user@router> show l2vpn connections 
Layer-2 VPN connections: 
Legend for connection status (St) 


EI -- encapsulation invalid NC interface encapsulation not 
CCC/TCC/VPLS 
EM -- encapsulation mismatch WE interface and instance encaps not same 
vVc-Dn -- Virtual circuit down NP interface hardware not present 
CM -- control-word mismatch -> only outbound connection is up 
CN -- circuit not provisioned <- only inbound connection is up 
OR -- out of range Up operational 
OL -- no outgoing label Dn down 
LD -- local site signaled down > call admission control failure 
RD -- remote site signaled down sc - local and remote site ID collision 
LN -- local site not designated LM -- local site ID not minimum designated 
RN -- remote site not designated RM remote site ID not minimum designated 
x =- unkKnow connection status IL -- no incoming label 
MM -- MTU mismatch MI Mesn-Group ID not available 
BK -- Backup connecti ta y co ectio 
PE -- Profile arse fai r B z - y 
RS remote site standby tartı eı -pa 
LB Local site ot bes site RS Remote site = pes site 
VM -- VLAN I smat H standby i 
Legend £ intertac t È 
Up -| operati al 
Dn -- v 
Instance vpn-A 
Edge protectii Not-Primary 
Loca site 4 (2) 
co ect ı=siıite Type S rime last $% Up trans 
1 rm x 14 2 1 

Remote PE ELD od Lat | = { 11) 

+ coms J apei as gol Lanell: < 

Local interface: je- 6.610, Status: Up, Encapsulation: VLAN 

Flow Label Tra ni 5; PI Label R 2 

or 


Which two statements aboutyitfe output shown in the exhibit are correct? (Choose 
two.) Kog 

A. The PE is attached to%a single local site. 

B. The connection has not flapped since it was initiated. 

C. There has beeg% VLAN ID mismatch. 

D. The PE rout@? has the capability to pop flow labels 

Answer: A,B 

Explanation: 

The PE is attached to a single local site. 

The output shows "Local site: CE1-2 (2)", which indicates that the Provider Edge (PE) 
router is connected to a single local site labeled as CE1-2, and the number (2) likely 
represents the site identifier. 

The connection has not flapped since it was initiated. 

The output "Time last up" shows a timestamp without any indication of recent flaps or 
downtime. If the connection had flapped, you would typically see a recent timestamp 
indicating the last transition to the "up" state. The absence of such information or a 


counter for flaps/down suggests that the connection has remained stable since it was 
brought up. 


21.Which two statements are correct regarding bootstrap messages that are 
forwarded within a PIM sparse mode domain? (Choose two.) 
A. Bootstrap messages are forwarded only to routers that explicitly requested the 
messages within the PIM sparse-mode domain 
B. Bootstrap messages distribute RP information dynamically during an RP election. 
C. Bootstrap messages are used to notify which router is the PIM RP 
D. Bootstrap messages are forwarded to all routers within a PIM sparse-mode 
domain. 
Answer: B,D 
Explanation: K 
Bootstrap messages are PIM messages that are used to distribłe"rendezvous point 
(RP) information dynamically during an RP election. Bootstrapsmessages are sent by 
bootstrap routers (BSRs), which are routers that are elected to perform the RP 
discovery function for a PIM sparse-mode domain. Bootstfap messages contain 
information about candidate RPs and their multicast grdups, as well as BSR priority 
and hash mask length. Bootstrap messages are fanwarded to all routers within a PIM 
sparse-mode domain using hop-by-hop flooding,” 

„O 


A 
Ka 


22.Exhibit 


path 
641496 64497 64512 I 
64499 64498 64497 64512 T 
. i «32/2 tele 64499 64498 64497 64512 f 
* 203.0.113.46/28 Sele 64499 64490 64497 64512 I 
> t 2 sole 64499 64496 64497 G4512 E 
0.113.80/28 Seic 64499 64498 64497 64512 I 
113.96/2 Selt 64499 64498 64497 64512 r 
0.113.112/29 Self 64499 GA498 64497 64512 I 


R1 and R8 are not receiving each other's routes 

Referring to the exhibit, what are three configuration commands that would solve this 
problem? (Choose three.) 

A. Configure loops and advertise-peer-as on routers in AS 64497 and AS 64450. 

B. Configure loops on routers in AS 65412 and advertise-peer-as on routers in AS 
64498. 

C. Configure as-override on advertisement from AS 64500 toward AS 64512. 

D. Configure remove-private on advertisements from AS 64497 toward AS 64498 

E. Configure remove-private on advertisements from AS 64500 toward AS 64499 


Answer: C,D,E 
Explanation: 
In the scenario described in the exhibit where R1 and R8 are not receiving each 
other's routes, here are three configuration commands that could potentially solve the 
problem, based on common BGP configurations and issues: 
Configure as-override on advertisement from AS 64500 toward AS 64512. 
The as-override command replaces the originating AS number with the local AS 
number in the AS_ PATH attribute when sending BGP updates to a client ina 
confederation or when routes are advertised to eBGP peers in the same AS. This can 
be necessary when routers in different ASNs are not accepting routes due to AS path 
loop prevention mechanisms. 
Configure remove-private on advertisements from AS 64497 toward AS 64498. 
The remove-private command removes private AS numbers from the „AS PATH in 
BGP updates. This is often used when advertising routes to the int diet, where 
private AS numbers should not be present. If R1 and R8 are filteginig routes based on 
the presence of private AS numbers, this command could resq@fve the issue. 
Configure remove-private on advertisements from AS 645Q0toward AS 64499. 
Similarly to the previous point, this command would rem@ve private AS numbers from 
the AS_PATH when AS 64500 is advertising to AS 64499. If these routes are then 
being advertised to R1 and R8, and the presence private AS numbers is causing 
route rejection, this could resolve the issue. e 

RG 


Ee 


23.Which statement is true regarding BGP FlowSpec? 

A. It uses a remote triggered black pafe to protect a network from a denial-of-service 
attack. B 

B. It uses dynamically created sButing policies to protect a network from denial-of- 
service attacks 

C. It is used to protect a eBtwork from denial-of-service attacks dynamically 

D. It verifies that the sice IP of the incoming packet has a resolvable route in the 
routing table ef 

Answer: B $ 

Explanation: 

BGP FlowSpec is a feature that extends the Border Gateway Protocol (BGP) to 
enable routers to exchange traffic flow specifications, allowing for more precise 
control of network traffic. The BGP FlowSpec feature enables routers to advertise and 
receive information about specific flows in the network, such as those originating from 
a particular source or destined for a particular destination. Routers can then use this 
information to construct traffic filters that allow or deny packets of a certain type, rate 
limit flows, or perform other actions1. BGP FlowSpec can also help in filtering traffic 
and taking action against distributed denial of service (DDoS) attacks by dropping the 
DDoS traffic or diverting it to an analyzer2. BGP FlowSpec rules are internally 
converted to equivalent Cisco Common Classification Policy Language (C3PL) 


representing corresponding match and action parameters2. Therefore, BGP 
FlowSpec uses dynamically created routing policies to protect a network from denial- 
of-service attacks. 

References: 

1: https://www.networkingsignal.com/what-is-bgp-flowspec/ 

2: https:/www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-1 6/i 
rg-xe-16-book/bgp-flowspec-route-reflector-support.html 


24.Exhibit 


| Communities: target: 6451 12:5678 mac-mobil ity: 0x0 (sequence 4) 
A 

ae 
You have MAC addresses moving in your EVPN environment eo 
Referring to the exhibit, which two statements are correct about the sequence 
number? (Choose two) aS 

A. It identifies MAC addresses that should be discarded. o* 

B. It resolves conflicting MAC address ownership claig 

C. It helps the local PE to identify the latest advertisement. 

D. It is advertised using a Type 2 message Oy 

Answer: B,C So 

Explanation: Ss 
The sequence number is a field in the MA mobility extended community that is used 
to resolve conflicting MAC address owffership claims and to help the local PE to 
identify the latest advertisement. THe sequence number is incremented by one for 
every MAC address mobility evei, such as when a host moves from one Ethernet 
segment to another segment.f the EVPN network. The PE device that receives 
multiple MAC advertisemęĝts for the same MAC address chooses the one with the 


highest sequence numas? as the most recent and valid advertisement. 


o 


S 
25.You are responding to an RFP for a new MPLS VPN implementation. The solution 
must use LDP for signaling and support Layer 2 connectivity without using BGP. The 
solution must be scalable and support multiple VPN connections over a single MPLS 
LSP The customer wants to maintain all routing for their Private network 
In this scenario, which solution do you propose? 
A. circuit cross-connect 
B. BGP Layer 2 VPN 
C. LDP Layer 2 circuit 
D. translational cross-connect 
Answer: C 
Explanation: 


AToM (Any Transport over MPLS) is a framework that supports various Layer 2 
transport types over an MPLS network core. One of the transport types supported by 
AToM is LDP Layer 2 circuit, which is a point-to-point Layer 2 connection that uses 
LDP for signaling and MPLS for forwarding. LDP Layer 2 circuit can support Layer 2 
connectivity without using BGP and can be scalable and efficient by using a single 
MPLS LSP for multiple VPN connections. The customer can maintain all routing for 
their private network by using their own CE switches. 
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